Abstract
The digital revolution has transformed nearly every aspect of our lives, and identity is no exception. Though ever present, it is now time to seriously and carefully consider the digitisation of identity. Self-Sovereign Identity (SSI) has emerged as a promising solution, empowering individuals to control their own identity data and reducing reliance on centralised systems. SSI is a user-centric approach to digital identity. Its intrinsic focus on credentials makes it well-suited to model existing traditional physical identity credentials. SSI eliminates reliance on third-party data custodians, reduces the risk of data breaches and maintains the privacy of its users. However, the concept of trust in SSI remains complex and fragmented. Furthermore, there is an unaddressed inherent tension between balancing the need to safeguard user privacy (by keeping identifiable information protected) and the need to establish trust between untrusting parties. This thesis provides two significant and novel contributions towards defining and establishing trust and privacy in SSI. First, this thesis systematically analyses trust in SSI in light of its components and threats posed by various actors in the system. Three distinct trust models are derived, capturing the threats and mitigation strategies found in SSI literature and implementations. This work provides a foundational framework for future SSI research and development, including a comprehensive catalogue of SSI components and design requirements for trust, shortcomings in existing SSI systems, and areas for further exploration. Second, this thesis explores identity escrow as a potential solution to the privacy-trust conflict in SSI. By placing private identity data in escrow accessible only under specific conditions, identity escrow offers a potential compromise for untrusting parties. This thesis proposes a practical design and implementation of identity escrow in SSI as a novel extension to existing schemes. This extension is evaluated for the overhead it introduces on SSI implementations, and the design is compared to existing non-SSI escrow approaches. Together, these contributions aim to establish a future where our digital identity can foster trust between untrusting parties while preserving user privacy.